Social engineering accounts for majority of crypto TVL exploits in 2025, report shows

ambcryptoPubblicato 2025-12-26Pubblicato ultima volta 2025-12-26

Introduzione

In 2025, crypto theft and exploits have resulted in over $2.53 billion in losses, with broader theft estimates reaching up to $3.4 billion. Social engineering emerged as the dominant attack method, accounting for 55.3% ($1.39 billion) of total exploit-related value. Private key compromises represented 15% ($0.37 billion), while other techniques like infinite mint attacks and smart contract exploits made up the remainder. North Korea-linked hackers were the most prolific threat actors, responsible for at least $2.02 billion in stolen crypto, largely due to a $1.4 billion breach of the Bybit exchange. The data indicates a shift in exploitation focus from technical vulnerabilities to human and operational weaknesses, emphasizing the need for improved user security, key management, and operational safeguards rather than solely relying on code fixes.

Crypto theft and exploits have continued at historically high levels in 2025, with industry data showing more than $2.53 billion in losses linked to exploits this year — and broader theft figures pushing that total even higher, according to Sentora and a recent Chainalysis report.

Sentora’s latest chart on “Total TVL of Exploits 2025” breaks down how the losses occurred. It reveals that social engineering remains the dominant attack technique, accounting for 55.3 % [$1.39 billion] of exploit-related value taken so far.

Other techniques, such as private key compromise, infinite mint attacks, and smart contract exploits, together accounted for the remainder of losses.

Social engineering and human-centric attacks surge

The Sentora data highlights how the focus of exploitation has shifted. While smart contract bugs and protocol vulnerabilities remain significant concerns, social engineering now outweighs purely technical exploits by a substantial margin.

Private key compromises, which can be related to phishing, malware, or inadequate credential management, accounted for 15 % of exploit losses [$0.37 billion].

This highlights how adversaries are increasingly targeting human and operational weaknesses alongside traditional code flaws.

Industry-wide exploits tops $3B

Separate 2025 analysis by Chainalysis, corroborated by industry monitoring firms’ estimates, suggests that between $2.7 billion and $3.4 billion in cryptocurrency was stolen across all theft categories this year.

This includes large single-event breaches, personal wallet thefts, and other illicit activity.

North Korea–linked hackers again emerged as the most prolific threat actors. Chainalysis reported that at least $2.02 billion in stolen crypto this year was tied to DPRK-affiliated groups, a roughly 51% increase year-over-year from 2024 levels.

Much of this total stemmed from a record-setting exploit of the Bybit exchange, where attackers stole an estimated $1.4 billion in assets.

Exploit landscape evolving

Industry analysts say the broader trend reflects improvements in automated auditing, formal verification, and protocol safety tooling, making large smart contract vulnerabilities rarer.

Meanwhile, attackers have shifted toward tactics that exploit users and privileged access.

Chainalysis also noted a sharp increase in personal wallet thefts this year, with thousands of individual victims affected. However, those losses were smaller on a per-incident basis compared with large institutional hacks.

What this means for the ecosystem

Taken together, the data suggests that mitigating exploits in 2025 has less to do with fixing code and more to do with improving user security, key management practices, and operational hygiene across exchanges, custodians, and wallet providers.

Final Thoughts

Crypto losses in 2025 are being driven far more by human and operational failures than by smart contract bugs, with social engineering now the dominant attack vector.
As attackers increasingly bypass protocol code to target users, wallets, and access controls, improving user security and operational safeguards has become as critical as technical audits for reducing future losses.

Domande pertinenti

QAccording to the report, what percentage of the $2.53 billion in exploit-related losses in 2025 was attributed to social engineering?

A55.3% of the exploit-related losses, amounting to $1.39 billion, were attributed to social engineering.

QWhich country-linked hackers were identified as the most prolific threat actors in 2025, and how much stolen crypto were they responsible for?

ANorth Korea-linked hackers were the most prolific threat actors, responsible for at least $2.02 billion in stolen cryptocurrency, a roughly 51% increase from 2024.

QWhat was the estimated total range of cryptocurrency stolen across all theft categories in 2025, according to Chainalysis and industry monitoring firms?

AThe estimated total range of cryptocurrency stolen across all theft categories in 2025 was between $2.7 billion and $3.4 billion.

QBesides social engineering, what were the other techniques mentioned that contributed to the exploit losses?

AOther techniques contributing to the losses included private key compromise, infinite mint attacks, and smart contract exploits.

QWhat does the data suggest is the primary focus for mitigating exploits in 2025, according to the article's conclusion?

AThe data suggests that mitigating exploits in 2025 has less to do with fixing code and more to do with improving user security, key management practices, and operational hygiene across exchanges, custodians, and wallet providers.

Letture associate

BTC Market Pulse: Week 20

Bitcoin's price moved higher from the high-$77Ks into the low-$82Ks last week, with buyers absorbing pullbacks. Market indicators show bullish undertones but also signs of potential stabilization. Spot and futures data reveal strong bullish sentiment and increased speculative activity, though declining long-side funding suggests some waning bullish momentum. Options market activity points to neutral-to-bullish expectations but elevated pricing of future risk, indicating uncertainty. On-chain metrics strengthened, with increases in daily active addresses, transfer volume, and fees, signaling a more engaged network and higher activity. Profitability improved as the market moved back into profit, yet levels remain below those typically triggering heavy selling, suggesting optimism is measured. Overall, Bitcoin's market structure shows improvement with stronger on-chain activity and more stable holder positioning. However, softer capital inflows and cautious sentiment indicate the market remains sensitive to shifts in risk appetite.

insights.glassnode21 min fa

insights.glassnode21 min fa

IREN's Insanity: Selling Miners, Buying GPUs, Stock Price Up 16%

IREN, a Bitcoin mining company, saw its stock price surge 16% after releasing its quarterly earnings on May 8th. The surge was not driven by Bitcoin's price, but by the company's radical strategic shift away from cryptocurrency mining and towards AI infrastructure. The company reported a $140 million impairment charge after decommissioning and listing for sale 5,800 of its Bitmain S21 Pro mining rigs. It also maintains a policy of selling all mined Bitcoin daily, holding zero crypto assets. Despite this dismantling of its core business, investor sentiment was positive due to IREN's aggressive pivot into AI. This shift is backed by massive, long-term contracts. IREN announced a new 5-year, $3.4 billion collaboration with NVIDIA, which includes an equity investment commitment. This follows a previously secured 5-year, $9.7 billion GPU cloud services agreement with Microsoft. To support these deals, IREN acquired European data center capacity and cloud software capabilities. Management targets 480 megawatts of AI capacity, 150,000 GPUs, and $3.7 billion in annual recurring revenue by late 2026. While other North American miners are exploring hybrid "mining + AI" models, IREN is making a clean break, betting entirely on the booming demand for AI compute power. The move highlights a broader industry trend where the value of mining hardware is declining while GPU-based AI infrastructure is in critically short supply.

marsbit40 min fa

IREN's Insanity: Selling Miners, Buying GPUs, Stock Price Up 16%

marsbit40 min fa

Saylor Says Strategy’s Bitcoin Credit Model Is Not A Ponzi Scheme

Michael Saylor defended MicroStrategy's Bitcoin-backed credit model against criticisms that it resembles a Ponzi scheme, emphasizing the company monetizes Bitcoin's capital gains rather than relying on perpetual equity issuance. He clarified his famous "never sell your Bitcoin" stance, stating the more precise strategy is to never be a *net seller*. The company's recent announcement that it might sell Bitcoin to fund dividends on its STRC preferred instrument sparked debate. Saylor explained the core model: issuing credit to buy Bitcoin, expecting its long-term appreciation to exceed dividend costs, analogous to a real estate firm. He argued that even if Bitcoin is sold for dividends, ongoing credit issuance ensures the company remains a net buyer, especially if Bitcoin appreciates more than the dividend yield. Saylor dismissed critics like Peter Schiff, stating their objections stem from rejecting Bitcoin's legitimacy itself. He described STRC as overcollateralized "digital credit" designed to offer yield while mitigating volatility.

bitcoinist41 min fa

Saylor Says Strategy’s Bitcoin Credit Model Is Not A Ponzi Scheme

bitcoinist41 min fa

Dissecting Circle's Q1 Earnings Report: After the Interest Rate Dividend Ebbs, USDC Prepares for a Big Chess Game

Title: Circle Q1 2026 Earnings: Shifting Strategy as Interest Rate Windfall Subsides Circle reported its Q1 2026 financial results. While total revenue and reserve income of $694M slightly missed expectations, adjusted EBITDA grew 24% to $151M. A key trend is the decline in reserve income due to lower Federal Reserve interest rates, which Circle is countering by diversifying its revenue streams. Notably, non-interest "Other Revenue" hit a record $42M. USDC's circulation reached 77 billion, up 28% year-over-year, but its on-chain transaction volume surged 263% to $21.5 trillion, indicating significantly higher utilization in payments and DeFi. Financially, the core RLDC Margin improved to 41%, showing better cost control. However, operating expenses nearly doubled, partly due to post-IPO stock compensation costs. Looking ahead, Circle is expanding beyond being a simple stablecoin issuer. It highlighted the $222M presale for its Arc Network (valued at $3B) and launched new services like Managed Payments and the "Agent Stack" for AI-driven commerce. The company's strategy is evolving to position USDC as the foundational dollar network for the internet, targeting broader payment, enterprise, and AI agent economies.

marsbit1 h fa

Dissecting Circle's Q1 Earnings Report: After the Interest Rate Dividend Ebbs, USDC Prepares for a Big Chess Game

marsbit1 h fa

Deciphering Circle's Q1 Financial Report: After the Interest Rate Dividend Ebbs, USDC Is Planning a Grand Strategy

Circle's Q1 2026 financial report shows total revenue and reserve income of $6.94 billion, slightly below expectations, with net profit at $550 million, down 15% year-over-year. The company attributes the slowdown in revenue growth to declining reserve asset yields following a Federal Reserve rate cut. However, other revenue streams reached a record $420 million, indicating a diversification away from interest dependence. Key operational highlights include USDC's circulating supply reaching 77 billion, a 28% annual increase, while its on-chain transaction volume surged 263% to $21.5 trillion, showing significantly higher usage frequency. Circle's core RLDC Margin improved to 41%, reflecting better cost control. Looking beyond interest rate reliance, Circle is expanding into new areas. Its Arc Network completed a $2.22 billion ARC token presale at a $30 billion valuation. The company also launched Agent Stack, an infrastructure suite for AI Agent economies, and its Circle Payments Network (CPN) shows an estimated annual transaction volume of $83 billion. The report suggests Circle's strategy is evolving from merely issuing a stablecoin to building USDC into a foundational dollar network for the internet, targeting cross-border payments, enterprise settlement, and the emerging AI-driven economy.

Odaily星球日报1 h fa

Deciphering Circle's Q1 Financial Report: After the Interest Rate Dividend Ebbs, USDC Is Planning a Grand Strategy

Odaily星球日报1 h fa

Trading

Spot

Futures